WebSVN – ALCASAR – Diff – /web/acc/manager/lib/sql/create_user.php


<?php
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))
	include_once("../lib/sql/drivers/$config[sql_type]/functions.php");
else{
	echo "<b>Could not include SQL library</b><br>\n";
	exit();
}
include_once('../lib/functions.php');
if ($config['sql_use_operators'] == 'true'){
	include_once("../lib/operators.php");
	$text = ',op';
	$passwd_op = ",':='";
}
$da_abort=0;
$op_val2 = '';
$link = da_sql_pconnect($config);
if ($link){
	mysqli_set_charset($link,"utf8");
	if (is_file("../lib/crypt/$config[general_encryption_method].php")){
		include_once("../lib/crypt/$config[general_encryption_method].php");
		
		//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.
        //Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)
        $output = array();
        if($passwd == "password" && preg_match('/([a-fA-F0-9]{2}[:|\-]?){6}/', $login))
        {
                exec ("sudo chilli_query list | grep $login |  cut -d' ' -f2", $output);
                //on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC
                if(strpos($output[0], $_SERVER["REMOTE_ADDR"]) === false )
                {
                        exec ("sudo chilli_query dhcp-release $login"); //dhcp-down
                }
        }
        unset ($output);
 
 
		/*Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)*/
		$passwd_imp = $passwd;
		/*Fin Ajout*/
		$passwd = da_encrypt($passwd);
		$passwd = da_sql_escape_string($link, $passwd);
		$res = da_sql_query($link,$config,
		"INSERT INTO $config[sql_check_table] (attribute,value,username $text)
		VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");
		if (!$res || !da_sql_affected_rows($link,$res,$config)){
			echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";
			$da_abort=1;
		}
		if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){
			$res = da_sql_query($link,$config,
			"SELECT username FROM $config[sql_user_info_table] WHERE
			username = '$login';");
			if ($res){
				if (!da_sql_num_rows($res,$config)){
					$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';
					$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';
					$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';
					$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';
					$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';
					$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';
					$res = da_sql_query($link,$config,
					"INSERT INTO $config[sql_user_info_table]
					(username,name,mail,department,homephone,workphone,mobile) VALUES
					('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");
					if (!$res || !da_sql_affected_rows($link,$res,$config))
						echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
				}
				else
					echo "<b>Cet usager existe d&eacute;j&agrave; dans la table 'info'</b><br>\n";
			}
			else
				echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";
		}
		if (isset($Fgroup) && $Fgroup != ''){
			$Fgroup = da_sql_escape_string($link, $Fgroup);
			$res = da_sql_query($link,$config,
			"SELECT username FROM $config[sql_usergroup_table]
			WHERE username = '$login' AND groupname = '$Fgroup';");
			if ($res){
				if (!da_sql_num_rows($res,$config)){
					$res = da_sql_query($link,$config,
					"INSERT INTO $config[sql_usergroup_table]
					(username,groupname) VALUES ('$login','$Fgroup');");
					if (!$res || !da_sql_affected_rows($link,$res,$config))
						echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";
				}
				else
					echo "<b>User already is a member of group $Fgroup</b><br>\n";
			}
			else
				echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";
		}
		if (!$da_abort){
			if (isset($Fgroup) && $Fgroup != '')
				require('../lib/defaults.php');
			foreach($show_attrs as $key => $attr){
				if ($attrmap["$key"] == 'none')
					continue;
				if ($key == "Filter-Id" && $$attrmap["$key"] == "None")
					continue;
				if ($attrmap["$key"] == ''){
					$attrmap["$key"] = $key;
					$attr_type["$key"] = 'replyItem';
					$rev_attrmap["$key"] = $key;
				}
				if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){
					$table = "$config[sql_check_table]";
					$type = 1;
				}
				else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){
					$table = "$config[sql_reply_table]";
					$type = 2;
				}
				$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';
				/*Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)*/
				if($key == "Session-Timeout") $sto_imp = $val;
				if($key == "Max-All-Session") $mas_imp = $val;
				if($key == "Max-Daily-Session") $mds_imp = $val;
				if($key == "Max-Monthly-Session") $mms_imp = $val;
				/*Fin Ajout*/
				$val = da_sql_escape_string($link, $val);
				$op_name = $attrmap["$key"] . '_op';
				$op_val = (isset($$op_name)) ? $$op_name : '';
				if ($op_val != ''){
					$op_val = da_sql_escape_string($link, $op_val);
					if (check_operator($op_val,$type) == -1){
						echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";
						continue;
					}
					$op_val2 = ",'$op_val'";
				}
				$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;
				if ($val == '' || $chkdef)
					continue;
				$sqlquery = "INSERT INTO $table (attribute,value,username $text)
					VALUES ('$attrmap[$key]','$val','$login' $op_val2);";
				$res = da_sql_query($link,$config,$sqlquery);
				if (!$res || !da_sql_affected_rows($link,$res,$config))
					echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";
			}
		}
		echo "<center><b>$l_user '$login' $l_created</b></center><br>";
	}
	else
		echo "<b>Could not open encryption library file</b><br>\n";
}
else
	echo "<b>Could not connect to SQL database</b><br>\n";
?>
 

Subversion Repositories ALCASAR

(root)/web/acc/manager/lib/sql/create_user.php – Rev 2096 → 2226

Rev 2096		Rev 2226
1	`<?php`	1	`<?php`
2	`if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))`	2	`if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php"))`
3	`include_once("../lib/sql/drivers/$config[sql_type]/functions.php");`	3	`include_once("../lib/sql/drivers/$config[sql_type]/functions.php");`
4	`else{`	4	`else{`
5	`echo "<b>Could not include SQL library</b><br>\n";`	5	`echo "<b>Could not include SQL library</b><br>\n";`
6	`exit();`	6	`exit();`
7	`}`	7	`}`
8	`include_once('../lib/functions.php');`	8	`include_once('../lib/functions.php');`
9	`if ($config['sql_use_operators'] == 'true'){`	9	`if ($config['sql_use_operators'] == 'true'){`
10	`include_once("../lib/operators.php");`	10	`include_once("../lib/operators.php");`
11	`$text = ',op';`	11	`$text = ',op';`
12	`$passwd_op = ",':='";`	12	`$passwd_op = ",':='";`
13	`}`	13	`}`
14	`$da_abort=0;`	14	`$da_abort=0;`
15	`$op_val2 = '';`	15	`$op_val2 = '';`
16	`$link = da_sql_pconnect($config);`	16	`$link = da_sql_pconnect($config);`
17	`if ($link){`	17	`if ($link){`
18	`mysqli_set_charset($link,"utf8");`	18	`mysqli_set_charset($link,"utf8");`
19	`if (is_file("../lib/crypt/$config[general_encryption_method].php")){`	19	`if (is_file("../lib/crypt/$config[general_encryption_method].php")){`
20	`include_once("../lib/crypt/$config[general_encryption_method].php");`	20	`include_once("../lib/crypt/$config[general_encryption_method].php");`
21		21
22	`//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.`	22	`//Si auth par @MAC, alors on disocie l'adresse mac du réseau afin que alcasar-macup.sh fasse son travail.`
23	`//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)`	23	`//Si @MAC à auth a la meme adresse IP, on ne fait pas de dhcp-down.(sinon le PHP ne peut pas s'exécuter entierement)`
24	`$output = array();`	24	`$output = array();`
25	`if($passwd == "password" && preg_match('/([a-fA-F0-9]{2}[:\|\-]?){6}/', $login))`	25	`if($passwd == "password" && preg_match('/([a-fA-F0-9]{2}[:\|\-]?){6}/', $login))`
26	`{`	26	`{`
27	`exec ("sudo chilli_query list \| grep $login \| cut -d' ' -f2", $output);`	27	`exec ("sudo chilli_query list \| grep $login \| cut -d' ' -f2", $output);`
28	`//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC`	28	`//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC`
29	`if(strpos($output[0], $_SERVER["REMOTE_ADDR"]) === false )`	29	`if(strpos($output[0], $_SERVER["REMOTE_ADDR"]) === false )`
30	`{`	30	`{`
31	`exec ("sudo chilli_query dhcp-release $login"); //dhcp-down`	31	`exec ("sudo chilli_query dhcp-release $login"); //dhcp-down`
32	`}`	32	`}`
33	`}`	33	`}`
34	`unset ($output);`	34	`unset ($output);`
35		35
36		36
37	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`	37	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`
38	`$passwd_imp = $passwd;`	38	`$passwd_imp = $passwd;`
39	`/Fin Ajout/`	39	`/Fin Ajout/`
40	`$passwd = da_encrypt($passwd);`	40	`$passwd = da_encrypt($passwd);`
41	`$passwd = da_sql_escape_string($link, $passwd);`	41	`$passwd = da_sql_escape_string($link, $passwd);`
42	`$res = da_sql_query($link,$config,`	42	`$res = da_sql_query($link,$config,`
43	`"INSERT INTO $config[sql_check_table] (attribute,value,username $text)`	43	`"INSERT INTO $config[sql_check_table] (attribute,value,username $text)`
44	`VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");`	44	`VALUES ('$config[sql_password_attribute]','$passwd','$login' $passwd_op);");`
45	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config)){`	45	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config)){`
46	`echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";`	46	`echo "<b>Unable to add user $login: " . da_sql_error($link,$config) . "</b><br>\n";`
47	`$da_abort=1;`	47	`$da_abort=1;`
48	`}`	48	`}`
49	`if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){`	49	`if ($config['sql_use_user_info_table'] == 'true' && !$da_abort){`
50	`$res = da_sql_query($link,$config,`	50	`$res = da_sql_query($link,$config,`
51	`"SELECT username FROM $config[sql_user_info_table] WHERE`	51	`"SELECT username FROM $config[sql_user_info_table] WHERE`
52	`username = '$login';");`	52	`username = '$login';");`
53	`if ($res){`	53	`if ($res){`
54	`if (!da_sql_num_rows($res,$config)){`	54	`if (!da_sql_num_rows($res,$config)){`
55	`$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';`	55	`$Fcn = (isset($Fcn)) ? da_sql_escape_string($link, $Fcn) : '';`
56	`$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';`	56	`$Fmail = (isset($Fmail)) ? da_sql_escape_string($link, $Fmail) : '';`
57	`$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';`	57	`$Fou = (isset($Fou)) ? da_sql_escape_string($link, $Fou) : '';`
58	`$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';`	58	`$Fhomephone = (isset($Fhomephone)) ? da_sql_escape_string($link, $Fhomephone) : '';`
59	`$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';`	59	`$Ftelephonenumber = (isset($Ftelephonenumber)) ? da_sql_escape_string($link, $Ftelephonenumber) : '';`
60	`$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';`	60	`$Fmobile = (isset($Fmobile)) ? da_sql_escape_string($link, $Fmobile) : '';`
61	`$res = da_sql_query($link,$config,`	61	`$res = da_sql_query($link,$config,`
62	`"INSERT INTO $config[sql_user_info_table]`	62	`"INSERT INTO $config[sql_user_info_table]`
63	`(username,name,mail,department,homephone,workphone,mobile) VALUES`	63	`(username,name,mail,department,homephone,workphone,mobile) VALUES`
64	`('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");`	64	`('$login','$Fcn','$Fmail','$Fou','$Fhomephone','$Ftelephonenumber','$Fmobile');");`
65	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	65	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
66	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`	66	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`
67	`}`	67	`}`
68	`else`	68	`else`
69	`echo "<b>Cet usager existe déjà dans la table 'info'</b><br>\n";`	69	`echo "<b>Cet usager existe déjà dans la table 'info'</b><br>\n";`
70	`}`	70	`}`
71	`else`	71	`else`
72	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`	72	`echo "<b>Could not add user information in user info table: " . da_sql_error($link,$config) . "</b><br>\n";`
73	`}`	73	`}`
74	`if (isset($Fgroup) && $Fgroup != ''){`	74	`if (isset($Fgroup) && $Fgroup != ''){`
75	`$Fgroup = da_sql_escape_string($link, $Fgroup);`	75	`$Fgroup = da_sql_escape_string($link, $Fgroup);`
76	`$res = da_sql_query($link,$config,`	76	`$res = da_sql_query($link,$config,`
77	`"SELECT username FROM $config[sql_usergroup_table]`	77	`"SELECT username FROM $config[sql_usergroup_table]`
78	`WHERE username = '$login' AND groupname = '$Fgroup';");`	78	`WHERE username = '$login' AND groupname = '$Fgroup';");`
79	`if ($res){`	79	`if ($res){`
80	`if (!da_sql_num_rows($res,$config)){`	80	`if (!da_sql_num_rows($res,$config)){`
81	`$res = da_sql_query($link,$config,`	81	`$res = da_sql_query($link,$config,`
82	`"INSERT INTO $config[sql_usergroup_table]`	82	`"INSERT INTO $config[sql_usergroup_table]`
83	`(username,groupname) VALUES ('$login','$Fgroup');");`	83	`(username,groupname) VALUES ('$login','$Fgroup');");`
84	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	84	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
85	`echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";`	85	`echo "<b>Could not add user to group $Fgroup. SQL Error</b><br>\n";`
86	`}`	86	`}`
87	`else`	87	`else`
88	`echo "<b>User already is a member of group $Fgroup</b><br>\n";`	88	`echo "<b>User already is a member of group $Fgroup</b><br>\n";`
89	`}`	89	`}`
90	`else`	90	`else`
91	`echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";`	91	`echo "<b>Could not add user to group $Fgroup: " . da_sql_error($link,$config) . "</b><br>\n";`
92	`}`	92	`}`
93	`if (!$da_abort){`	93	`if (!$da_abort){`
94	`if (isset($Fgroup) && $Fgroup != '')`	94	`if (isset($Fgroup) && $Fgroup != '')`
95	`require('../lib/defaults.php');`	95	`require('../lib/defaults.php');`
96	`foreach($show_attrs as $key => $attr){`	96	`foreach($show_attrs as $key => $attr){`
97	`if ($attrmap["$key"] == 'none')`	97	`if ($attrmap["$key"] == 'none')`
98	`continue;`	98	`continue;`
99	`if ($key == "Filter-Id" && $$attrmap["$key"] == "None")`	99	`if ($key == "Filter-Id" && $$attrmap["$key"] == "None")`
100	`continue;`	100	`continue;`
101	`if ($attrmap["$key"] == ''){`	101	`if ($attrmap["$key"] == ''){`
102	`$attrmap["$key"] = $key;`	102	`$attrmap["$key"] = $key;`
103	`$attr_type["$key"] = 'replyItem';`	103	`$attr_type["$key"] = 'replyItem';`
104	`$rev_attrmap["$key"] = $key;`	104	`$rev_attrmap["$key"] = $key;`
105	`}`	105	`}`
106	`if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){`	106	`if (isset($attr_type["$key"]) && $attr_type["$key"] == 'checkItem'){`
107	`$table = "$config[sql_check_table]";`	107	`$table = "$config[sql_check_table]";`
108	`$type = 1;`	108	`$type = 1;`
109	`}`	109	`}`
110	`else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){`	110	`else if (isset($attr_type["$key"]) && $attr_type["$key"] == 'replyItem'){`
111	`$table = "$config[sql_reply_table]";`	111	`$table = "$config[sql_reply_table]";`
112	`$type = 2;`	112	`$type = 2;`
113	`}`	113	`}`
114	`$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';`	114	`$val = (isset($$attrmap["$key"])) ? $$attrmap["$key"] : '';`
115	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`	115	`/Ajout en vue de l'impression des données (thank's to Geoffroy MUSITELLI)/`
116	`if($key == "Session-Timeout") $sto_imp = $val;`	116	`if($key == "Session-Timeout") $sto_imp = $val;`
117	`if($key == "Max-All-Session") $mas_imp = $val;`	117	`if($key == "Max-All-Session") $mas_imp = $val;`
118	`if($key == "Max-Daily-Session") $mds_imp = $val;`	118	`if($key == "Max-Daily-Session") $mds_imp = $val;`
119	`if($key == "Max-Monthly-Session") $mms_imp = $val;`	119	`if($key == "Max-Monthly-Session") $mms_imp = $val;`
120	`/Fin Ajout/`	120	`/Fin Ajout/`
121	`$val = da_sql_escape_string($link, $val);`	121	`$val = da_sql_escape_string($link, $val);`
122	`$op_name = $attrmap["$key"] . '_op';`	122	`$op_name = $attrmap["$key"] . '_op';`
123	`$op_val = (isset($$op_name)) ? $$op_name : '';`	123	`$op_val = (isset($$op_name)) ? $$op_name : '';`
124	`if ($op_val != ''){`	124	`if ($op_val != ''){`
125	`$op_val = da_sql_escape_string($link, $op_val);`	125	`$op_val = da_sql_escape_string($link, $op_val);`
126	`if (check_operator($op_val,$type) == -1){`	126	`if (check_operator($op_val,$type) == -1){`
127	`echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";`	127	`echo "<b>Invalid operator ($op_val) for attribute $key</b><br>\n";`
128	`continue;`	128	`continue;`
129	`}`	129	`}`
130	`$op_val2 = ",'$op_val'";`	130	`$op_val2 = ",'$op_val'";`
131	`}`	131	`}`
132	`$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;`	132	`$chkdef = (isset($default_vals["$key"])) ? check_defaults($val,$op_val,$default_vals["$key"]) : 0;`
133	`if ($val == '' \|\| $chkdef)`	133	`if ($val == '' \|\| $chkdef)`
134	`continue;`	134	`continue;`
135	`$sqlquery = "INSERT INTO $table (attribute,value,username $text)`	135	`$sqlquery = "INSERT INTO $table (attribute,value,username $text)`
136	`VALUES ('$attrmap[$key]','$val','$login' $op_val2);";`	136	`VALUES ('$attrmap[$key]','$val','$login' $op_val2);";`
137	`$res = da_sql_query($link,$config,$sqlquery);`	137	`$res = da_sql_query($link,$config,$sqlquery);`
138	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`	138	`if (!$res \|\| !da_sql_affected_rows($link,$res,$config))`
139	`echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";`	139	`echo "<b>Query failed for attribute $key: " . da_sql_error($link,$config) . "</b><br>\n";`
140	`}`	140	`}`
141	`}`	141	`}`
142	`echo "<b>Usager correctement créé</b><br>\n";`	142	`echo "<center><b>$l_user '$login' $l_created</b></center><br>";`
143	`}`	143	`}`
144	`else`	144	`else`
145	`echo "<b>Could not open encryption library file</b><br>\n";`	145	`echo "<b>Could not open encryption library file</b><br>\n";`
146	`}`	146	`}`
147	`else`	147	`else`
148	`echo "<b>Could not connect to SQL database</b><br>\n";`	148	`echo "<b>Could not connect to SQL database</b><br>\n";`
149	`?>`	149	`?>`
150		150